A Sybil attack is an attack against peer-to-peer networks in which a single attacker creates many fake identities to gain an advantage in the network. Other users do not recognize these identities as fictitious, which gives the attacker a disproportionately large influence over the network.
Blockchain networks are not only peer-to-peer, they also usually operate without any trusted party, which exposes them to Sybil attacks. There are, however, many measures that make such attacks expensive or prevent them entirely: proof of work, authority-based validation schemes, and minimum reserve balances required to create an account have all been deployed as counters to this type of attack.
Sybil attack essentials
- An attack against peer-to-peer networks, such as blockchains.
- The attacker creates multiple fake identities to gain influence in the network.
- Proof of work is an effective defense, because influence over block production depends on computing power rather than on the number of identities.
- Reserve requirements, trusted validators and other measures raise the cost of a Sybil attack or render it ineffective.
Sybil attacks on blockchains
Sybil attacks are more common than one might expect. Something as mundane as a social media influencer buying likes and views from networks of fake accounts is a Sybil attack, and so is ballot stuffing, where a corrupt politician arranges for illegitimate votes to be cast under other people's names. Sybil attacks are easiest on networks where identities are not tied to a verified person, which makes blockchain networks a natural target.
The name Sybil comes from the title of the 1973 book by Flora Rheta Schreiber, whose titular character suffered from dissociative identity disorder and assumed multiple personalities. The term was applied to this attack in John Douceur's 2002 paper "The Sybil Attack".
When launching a Sybil attack, a single adversary creates multiple identities on a peer-to-peer network that are indistinguishable from genuine peers. Depending on the system, an identity may be a computer, a virtual machine, a user account or an email address; on a blockchain, the identities are nodes.
Since nodes are pseudonymous, there is no clear link between a node and the offline entity (the person or institution) operating it. This makes telling fake nodes from genuine ones difficult, which is exactly what makes the Sybil method attractive to an attacker.
An attacker can flood the network with nodes under their control and, in theory, surround an individual honest node so that all of its connections lead to attacker nodes (this variant is known as an eclipse attack). The attacker can then feed that node altered transaction data, or stop relaying blocks and transactions to it altogether, which effectively disconnects it from the network.
Such an attack is rarely absolute: completely isolating a node that picks its peers at random is hard, because every one of its connections would have to land on an attacker node. An attacker does not need that, though. It is enough to gather sufficient influence to mislead honest nodes into accepting an alternative view of the chain, and even a fraction of the nodes acting in unison against honest peers can lay the groundwork for an attack.
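To make the "rarely absolute" point concrete, here is an added example (written for this page, not code from the original article or from any blockchain client) that models a node choosing its outbound peers from an address pool the attacker has partly filled with Sybil nodes. The pool sizes, the figure of 8 outbound connections and the netgroup layout are assumptions for illustration; the one-peer-per-netgroup rule is modelled on the way Bitcoin Core limits peers per network group but is not its actual code.

```python
"""Constructed model of eclipsing a node that picks outbound peers at random.
All node counts, the 8 outbound slots and the netgroup layout are assumptions."""
import random

OUTBOUND = 8  # assumed number of outbound connections each node maintains


def isolation_probability(attacker_fraction: float, outbound: int = OUTBOUND) -> float:
    """Exact probability that all outbound slots land on attacker nodes when
    peers are drawn independently and uniformly from the address pool."""
    return attacker_fraction ** outbound


def make_pool(honest: int, sybil: int, sybil_groups: int) -> list:
    """Address pool of (address, netgroup) pairs.  Every honest node sits in
    its own netgroup; the Sybil nodes are spread over only `sybil_groups`
    groups, as when an attacker rents many addresses from a few providers."""
    pool = [(f"h{i}", f"grp-h{i}") for i in range(honest)]
    pool += [(f"s{i}", f"grp-s{i % sybil_groups}") for i in range(sybil)]
    return pool


def pick_peers(pool: list, rng: random.Random, outbound: int = OUTBOUND,
               diversify: bool = False) -> list:
    """Fill the outbound slots from a shuffled pool.  With diversify=True at
    most one peer per netgroup is accepted, so an attacker needs addresses in
    at least `outbound` distinct groups to surround the node."""
    candidates = list(pool)
    rng.shuffle(candidates)
    chosen, used_groups = [], set()
    for addr, group in candidates:
        if diversify and group in used_groups:
            continue
        chosen.append(addr)
        used_groups.add(group)
        if len(chosen) == outbound:
            break
    return chosen


def eclipse_rate(honest: int, sybil: int, sybil_groups: int,
                 diversify: bool = False, trials: int = 5000, seed: int = 1) -> float:
    """Fraction of trials in which every chosen peer is an attacker node."""
    rng = random.Random(seed)
    pool = make_pool(honest, sybil, sybil_groups)
    eclipsed = sum(
        all(addr.startswith("s") for addr in pick_peers(pool, rng, diversify=diversify))
        for _ in range(trials)
    )
    return eclipsed / trials


if __name__ == "__main__":
    # Attacker controls half of the addresses: isolation is still a 1-in-256 event.
    print("50% of pool, 8 slots:", isolation_probability(0.5))
    # Attacker controls 90% of a 200-address pool, but from only 4 netgroups.
    print("90% of pool, random picks:", eclipse_rate(20, 180, 4))
    # Same attacker, but the node insists on at most one peer per netgroup.
    print("90% of pool, one peer per group:", eclipse_rate(20, 180, 4, diversify=True))
```

Even with 90% of the address pool the attacker only eclipses the node in roughly four out of ten attempts under uniform selection, and not at all once the node refuses a second peer from the same netgroup and the attacker's addresses come from fewer groups than there are slots. Address diversity, not storage or hash power, is what the attacker has to buy.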
Weaknesses to Sybil attacks
Vulnerability to Sybil attacks depends primarily on how quickly and cheaply new identities can be created. If creating one is free and requires little or no computational effort, launching a Sybil attack is easy. It is also a question of trust: how much weight the protocol gives a peer, and on what evidence. A system that trusts peers without any evidence of their honesty is easily exploited, whereas a system that requires peers to earn trust (by expending resources, or by revealing their offline identity, for example) is much harder to attack this way.
Protecting against Sybil attacks
An attacker who attempts a Sybil attack on a blockchain that uses proof of work gains nothing from creating multiple identities when it comes to solving the computational puzzle. Mining a block requires a certain amount of computing power, and splitting that power across numerous nodes does nothing to increase the attacker's chances: the probability of producing the next block depends only on the attacker's share of the total hash rate, and is the same whether they operate one node or a thousand.
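The following added example (written for this page, not the article's or any project's code) contrasts the two situations discussed above: a naive scheme that counts identities, where every extra Sybil node buys influence directly and cheap identities are the whole problem, and proof of work, modelled as a race in which each miner's time to the next block is exponentially distributed with a rate equal to its hash rate. The hash rates and node counts are assumed figures.

```python
"""Sybil identities under identity counting versus proof of work.
Constructed example; hash rates and node counts are assumed figures."""
import random


def vote_share(honest_nodes: int, sybil_nodes: int) -> float:
    """Attacker's share of influence when every identity counts as one vote,
    as in a naive majority rule among peers: more Sybils, more power."""
    return sybil_nodes / (honest_nodes + sybil_nodes)


def pow_block_share(honest_hashrate: float, attacker_hashrate: float,
                    sybil_nodes: int, rounds: int = 20000, seed: int = 7) -> float:
    """Simulate `rounds` block races.  The attacker splits a fixed hash rate
    evenly over `sybil_nodes` mining identities.  Hashing is memoryless, so a
    miner's time to its next valid block is exponential with rate equal to its
    hash rate; whoever finishes first wins the round."""
    rng = random.Random(seed)
    per_identity = attacker_hashrate / sybil_nodes
    attacker_wins = 0
    for _ in range(rounds):
        honest_time = rng.expovariate(honest_hashrate)
        attacker_time = min(rng.expovariate(per_identity) for _ in range(sybil_nodes))
        if attacker_time < honest_time:
            attacker_wins += 1
    return attacker_wins / rounds


def expected_pow_share(honest_hashrate: float, attacker_hashrate: float) -> float:
    """Closed form: the minimum of n exponentials with rate r/n each is itself
    exponential with rate r, so splitting the hash rate changes nothing."""
    return attacker_hashrate / (honest_hashrate + attacker_hashrate)


if __name__ == "__main__":
    print("one vote per identity, 10 honest vs 90 Sybils:", vote_share(10, 90))
    for n in (1, 10, 100):
        print(f"PoW, 30% of hash rate split over {n} identities:",
              round(pow_block_share(70.0, 30.0, n), 3))
    print("expected under PoW:", expected_pow_share(70.0, 30.0))
```

Under identity counting the attacker reaches 90% influence with 90 free identities; under proof of work the simulated block share stays at about 0.30 whether the same hash rate is presented as 1, 10 or 100 miners.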
Nevertheless, a Sybil attack can still pay off in ways that do not involve mining, and many blockchains allow anyone to join their network with no particular restriction. One obstacle to running a full node (a node that validates blocks and transactions) is the storage required for the chain. Bitcoin's blockchain was around 250 GB at the time of writing, which somewhat discourages spinning up many full nodes, whereas many less popular blockchains require far less storage, making it almost trivial to spam the network with new full nodes. Note, however, that a Sybil peer does not need to store the chain at all merely to occupy other nodes' connection slots, so storage alone is a weak barrier.
That is why blockchain developers put restrictions in place to discourage the creation of many fake identities. On the Bitcoin network, which uses proof of work, a peer that relays invalid blocks or transactions accumulates a misbehaviour score and is disconnected and ignored for a period once that score crosses a threshold. A number of blockchains have taken a different path, forgoing economic deterrents in favor of merit-based ones.
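As an added example (not Bitcoin Core's code, and not from the original article), here is a small peer manager that applies that idea: each incoming message is validated, invalid data adds to the sending peer's misbehaviour score, and a peer whose score reaches the threshold is banned and has its further messages dropped. The 8-bit toy difficulty, the penalty table and the message stream are constructed assumptions; the 100-point threshold mirrors Bitcoin Core's historical default ban score.

```python
"""Constructed peer-scoring filter: peers that relay invalid data get banned.
Toy difficulty, penalty table and the message stream are assumptions."""
import hashlib
from dataclasses import dataclass, field

TARGET_BITS = 8                    # assumed toy difficulty: 8 leading zero bits
TARGET = 1 << (256 - TARGET_BITS)
BAN_THRESHOLD = 100                # assumed; mirrors Bitcoin Core's historical default
PENALTY = {"bad_pow": 100,         # forged block header: instant ban
           "duplicate_inv": 1}     # repeated announcement: slow accumulation


def header_hash(prefix: bytes, nonce: int) -> int:
    """Double SHA-256 of the header fields plus nonce, as a big-endian integer."""
    data = prefix + nonce.to_bytes(4, "little")
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")


def pow_ok(prefix: bytes, nonce: int) -> bool:
    return header_hash(prefix, nonce) < TARGET


def mine_header(prefix: bytes) -> int:
    """Search nonces until the toy target is met (used to build honest test data)."""
    nonce = 0
    while not pow_ok(prefix, nonce):
        nonce += 1
    return nonce


@dataclass
class PeerState:
    score: int = 0
    banned: bool = False
    announced: set = field(default_factory=set)


class PeerManager:
    def __init__(self):
        self.peers = {}

    def _penalise(self, peer: str, reason: str) -> None:
        state = self.peers[peer]
        state.score += PENALTY[reason]
        if state.score >= BAN_THRESHOLD:
            state.banned = True

    def handle(self, msg: dict) -> str:
        """Validate one message and return what happened to it."""
        peer = msg["peer"]
        state = self.peers.setdefault(peer, PeerState())
        if state.banned:
            return "dropped"            # banned peers are ignored entirely
        if msg["type"] == "block":
            if not pow_ok(msg["prefix"], msg["nonce"]):
                self._penalise(peer, "bad_pow")
                return "rejected"
            return "accepted"
        if msg["type"] == "inv":
            if msg["hash"] in state.announced:
                self._penalise(peer, "duplicate_inv")
                return "ignored"
            state.announced.add(msg["hash"])
            return "accepted"
        return "ignored"

    def banned_peers(self) -> list:
        return sorted(p for p, s in self.peers.items() if s.banned)


def run_demo() -> PeerManager:
    """Constructed stream: an honest peer, a peer relaying a forged block, and
    a peer re-announcing the same inventory item 120 times."""
    prefix = b"constructed-header-fields"
    good_nonce = mine_header(prefix)
    bad_nonce = next(n for n in range(good_nonce + 1, good_nonce + 10_000)
                     if not pow_ok(prefix, n))
    stream = [
        {"peer": "honest", "type": "block", "prefix": prefix, "nonce": good_nonce},
        {"peer": "forger", "type": "block", "prefix": prefix, "nonce": bad_nonce},
        {"peer": "forger", "type": "inv", "hash": "tx-1"},   # already banned: dropped
    ]
    stream += [{"peer": "spammer", "type": "inv", "hash": "tx-2"}] * 120
    manager = PeerManager()
    for msg in stream:
        manager.handle(msg)
    return manager


if __name__ == "__main__":
    for peer, state in run_demo().peers.items():
        print(f"{peer}: score={state.score} banned={state.banned}")
```

The forger is banned by its first invalid block, the spammer after its hundredth duplicate announcement, and the honest peer keeps a score of zero. The point of the score, rather than an immediate disconnect, is that a single honest mistake (a stale announcement, say) is tolerated while sustained misbehaviour is not.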
Blockchains that use proof of authority appoint a select number of trusted entities to validate blocks. The same goes for delegated proof of stake, except that these entities are elected by the community of token holders. While this goes a long way toward preventing Sybil attacks, it concentrates trust in a few parties and makes those entities the primary targets.
With a combination of the measures described here (and many others), the largest blockchains deal with Sybil attacks effectively. It is unlikely that such an attack could be deployed successfully against the blockchains of the largest cryptocurrencies by market capitalization.